| 1 |
On 29 Sep 2008 at 18:21, Alex Efros wrote: |
| 2 |
|
| 3 |
> Is my question too complex and nobody know the answer (or even guesses), |
| 4 |
> or it's too stupid and everybody wait until I try google (I've tried it |
| 5 |
> already, without success)? |
| 6 |
|
| 7 |
maybe it's because of what you said: |
| 8 |
|
| 9 |
> I've no idea why grsec complain in logs about it. |
| 10 |
|
| 11 |
at this point it's clear that you didn't quite read the description of |
| 12 |
GRKERNSEC_RESLOG which is what you've apparently enabled. in short, grsec |
| 13 |
is doing what you asked it to do: log various resource overstep events. |
| 14 |
|
| 15 |
why those events occured is another question and each case needs its own |
| 16 |
investigation. for example overstepping the default 8MB stack limit by |
| 17 |
180MB sounds like a memory corruption problem or something trying to pass |
| 18 |
an inordinate amount of data on the stack (say, in the environment). |
| 19 |
whether that was because of e.g., a bug in a script on your server or an |
| 20 |
exploit attempt is hard to tell after the fact. also the AS limit overstep |
| 21 |
is a known issue, qmail tries to be smart and fails to estimate its own |
| 22 |
memory needs. |
Archives